In: About Security

A HIPAA Compliant Document Management Solution

A HIPAA compliant document management solution can be achieved while going paperless.  In fact, it may be argued that a paperless office is more secure than a papered office.  To satisfy HIPAA compliance, some of the things a document management solution must have is:

  • Log all activity at the file level of paperless documents.
  • Allow role based access permissions for users.
  • Force password changes to access of the paperless office solution.
  • Force log out of inactivity at the user level.

These are some major requirements to ensure HIPAA compliance.  The good news is that many paperless office solutions are in fact a HIPAA compliant document management solution.  In fact, both auditors and business love document management solutions.  A company can prepare audit files by granting access to their date by user account and permissions, then locking it down to just those files only.  The auditor can then log into the document management software to see their requested documents, and only those requested documents.

Let us imagine you do not have a HIPAA compliant document management solution.  You hire a new employee dedicated to filing your HIPAA sensitive documents.  Their job is also to make extra copies, one to store on-site, and one copy to store in off-site storage for auditing purposes.  The employee does well, but then does not show up to work after being employed for a month.  Several months later you find that person on the news, and they have committed multiple counts of fraud using fake filed tax returns.

Your heart stops.  Did you follow all guidelines and HIPAA compliant document protocols?  The source of the identity theft was traced to a previous job, the job the employee held at your business.  Now, state auditors have shown up at your business to check HIPAA compliance of your documents.  Maybe your business cannot be held responsible for the theft of the documents, but now you are on the radar of auditors checking HIPAA compliance of your document management protocols.  You and your employees halt the business, and begin to check all your documents to make sure your business will pass an audit.

A similar real life scenario happened with a business I was familiar with.  They serviced handicapped clients with various developmental disorders.  Often times, a client would become upset with them, for unsubstantiated reasons such as “I don’t like being made to brush my teeth.”  That client would call the abuse line and claim abuse, or make up lies about caretakers.  Whenever that happened, the local auditors would come and conduct a mandatory investigation.  Work that day would literally halt as employees would double check all their files and records.  They would need to make sure everything was well documented, and all records were kept up to date.

Now imagine having a HIPAA compliant document management solution in place.  The employee would have never had access to steal forms.  In fact, that employee would probably not have even need to have been hired, since paperless items could have automatically be files in the document management solution.  If they did have access, everything could have been tracked.  Whenever they pulled up a document, printed one, or moved one in the paperless system, it would have left a digital audit trail of exactly what they did and when.  The same with files needed for audits.  The auditor could have been given a login to the system, and see only the specific files they asked for.  Since everything was kept in a HIPAA compliant document solution, everything would have been organized and properly filed.

If you have a business that needs to adhere to HIPAA compliance procedures, then a paperless document management solution is right for you.  Attend our FREE paperless webinar live, and ask questions about how going paperless can help your business.

Comment Form

You must be logged in to post a comment.